Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- dropdown case to populate token
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dropdown case to populate token
surekhasplunk
Communicator
05-22-2019
06:41 PM
Hi,
I have a dropdown with 5 values.
But in the following panel query the table and index which i am using has no reference to that above dropdown values.
So i have used makeresults to populate the token and use it in the query
Now how can i say if from dropdown A is choosen then taken token1 and if from dropwn B is choosen then use token2
I tried with a if and eval but thats not working can you may be help with the if condition here so that i can use the same token but gets populated accordingly or use a case statement
<form>
<label>abc</label>
<search>
<query>|makeresults |eval cfd_hosts=if($infraname$="FRA-CLOUD GTS","SC2CLK-CLOUD-CFD-VDC2 OR host=SC2BJV-CLOUD-CFD-VDC2 OR host=DC2A4-CLOUD-CFD-VDC2",1 )| fields cfd_hosts
</query>
<done>
<set token="tokField1">$result.cfd_hosts$</set>
</done>
</search>
<search>
<query>|makeresults |eval fra_bip_hosts="TIGR7-BIP-CFD-A2 OR host=TIGR4-BIP-CFD-A1 OR host=SC2CLK-SVC-CFD-A OR host=SC2ASV-SVC-CFD-A1" | fields fra_bip_hosts
</query>
<done>
<set token="tokField2">$result.fra_bip_hosts$</set>
</done>
</search>
<fieldset submitButton="false">
<input type="dropdown" token="infraname" searchWhenChanged="true">
<label>field1</label>
<fieldForLabel>Infrastructure Name</fieldForLabel>
<fieldForValue>Infrastructure Name</fieldForValue>
<search>
<query>|inputlookup temp_infraname.csv | table "Infrastructure Name"</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
</input>
</fieldset>
<row>
<panel>
<table>
<title>$infraname$ choosen</title>
<search>
<query>| mstats max(_value) as Bits_in_sec where index=ehealth (host=$tokField2$) AND metric_name="*in"
by host,metric_name, info span=1d </query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DavidHourani
Super Champion
05-22-2019
11:21 PM
Hi @surekhasplunk,
Seems like you're looking for conditional token behavior, have a look at the official documentation here there's a good example on how to use it :
https://docs.splunk.com/Documentation/Splunk/7.2.6/Viz/ContextualDrilldown#Configure_conditional_beh...
And here :
https://docs.splunk.com/Documentation/Splunk/7.2.6/Viz/tokens#Conditional_operations_with_form_input...
You can use on change for each of your inputs so whenever one changes your token is set, so for the first input you would have:
<change>
<set token="yourtoken">$token1$</set>
</change>
And the second as well but with token2:
<change>
<set token="yourtoken">$token2$</set>
</change>
Cheers,
David
Get Updates on the Splunk Community!
Splunk App for Anomaly Detection End of Life Announcment
Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...
Aligning Observability Costs with Business Value: Practical Strategies
Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Mastering Data Pipelines: Unlocking Value with Splunk
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
